<?
session_start();
include 'functions.php';
include 'connect.php';

// Check that the user is logged in and allowed to delete the spec,
// i.e. that the spec is his own

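// Deletes one spec owned by the logged-in user, together with its preview
// image and that user's comments and ratings on it, then prints a JSON status.
//
// Responses:
//   {"status":"success","message":"DELETED"}  a spec row owned by the user was removed
//   {"status":"error","message":"NOTUSER"}    checkUser() rejected the session credentials
//   {"status":"error","message":"NO"}         request incomplete, spec id malformed,
//                                             or no spec row matched id + owner
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving to
// mysqli/PDO prepared statements requires changing connect.php, which is not
// part of this block.
$output = json_encode(array("status"=>"error", "message"=>"NO"));

// Only accept the id when it was actually sent as a plain string; reading
// $_POST['specId'] unconditionally raises a notice, and an array value would
// break the escaping call below.
$rawSpecId = (isset($_POST['specId']) && is_string($_POST['specId'])) ? $_POST['specId'] : '';

// The id is embedded in a filesystem path further down. SQL escaping does not
// neutralise "/", "\" or ".." there, so the id is restricted to an allowlist.
// NOTE(review): assumes spec ids consist only of letters, digits, "_" and "-";
// tighten this to digits if ids are always integers.
$specIdIsValid = preg_match('/\A[A-Za-z0-9_-]+\z/', $rawSpecId) === 1;

if ($specIdIsValid && isset($_SESSION['password'], $_SESSION['email'], $_SESSION['userId'])) {
	$password = mysql_real_escape_string($_SESSION['password']);
	$email = mysql_real_escape_string($_SESSION['email']);

	// Escape every value that is concatenated into SQL, including the session
	// user id, which was previously inserted unescaped.
	$specId = mysql_real_escape_string($rawSpecId);
	$userId = mysql_real_escape_string((string) $_SESSION['userId']);

	$validate = checkUser($email, $password, 1);

	if ($validate == 1) {
		// Ownership is enforced by the WHERE clause: the row is removed only
		// when both the spec id and the session user id match.
		$ownerFilter = "
				specId = \"".$specId."\"
				AND
				userId = \"".$userId."\"
				";

		$res = mysql_query("DELETE FROM ffxivc_specs WHERE".$ownerFilter);

		// mysql_query() returns true for a DELETE that matched no rows, so the
		// result alone does not prove ownership. Without the affected-rows
		// check any validated user could remove another user's spec image.
		if ($res && mysql_affected_rows() > 0) {
			// delete the image of the spec (skip silently if it never existed)
			$file = "../media/specImages/".$rawSpecId.".png";
			if (is_file($file)) {
				unlink($file);
			}

			// Best-effort cleanup of this user's comments and ratings on the
			// spec; failures do not change the response, as before.
			// NOTE(review): rows written by other users for this spec are left
			// in place — confirm whether that is intended.
			foreach (array("ffxivc_comments", "ffxivc_ratings") as $table) {
				mysql_query("DELETE FROM ".$table." WHERE".$ownerFilter);
			}

			$output = json_encode(array("status"=>"success", "message"=>"DELETED"));
		}
	} else {
		$output = json_encode(array("status"=>"error", "message"=>"NOTUSER"));
	}
}

echo $output;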

?>
